Privacy is sexy ππ
Introduction
As a technology professional, I am agnostic when it comes to operating systems. The only thing I am concerned about is how the hardware and tools I use will help me be productive and at the same time protect my data and privacy in an increasingly surveillent society. For today I will be going through my experience of creating a CLI app to automate my security and privacy hardening process, challenges faced and how theyβre resolved.
You can check out the project here https://github.com/brootware/privacy-sexy-lite
Finding any existing open source projects
So I have both Windows and MacOS platforms running on my devices and virtual machines that I will need to do security and privacy hardening on personally. Just like any other tech professional with a github account, I searched for any existing tools that I could use to not reinvent the wheel. Usually a lot of time are lost and progression is slow if you do not know How to stand on shoulders of giant. A recommended read by Quincy Larson, freecodecampβs founder.
A privacy.sexy web app
After searching around, I come across a project called privacy.sexy. A web application with really nice user interface for normal everyday users. The users can go to the web page, find security features explained in plain english that they can turn on or turn off using batch (for Windows) and bash (for MacOs) scripts. The commands are shown to the user through a Web UI as below.
There is also an desktop version of the app avialable for download that you can view the scripts offline. However, the web app is intended for users to manually run the script one at a time.
Turning it into cli app for Mac and Windows
Being a power user with multiple sandbox VMs I want to run these scripts on, it made sense for me to wrap all the standard recommended settings in a cli app that I can provision through vagrant. Simply put the cli app has to be :
- Portable. (Cross platofrm for both Mac and Windows)
- Group and modularize standard recommended hardening functions
- Easily invoked via command line interface for automation
- Should not break any systems
However Iβd still advise you to use with caution as different machines could have different effect after running the commands.
So a Bash script cli app for MacOS and Powershell script cli app for Windows is developed to call the recommended functions for security and privacing hardening.
Challenges faced and how theyβre resolved
As I started developing, I come across a few challenges.
Firstly the initial script was very monolithic. All of the functions for privacy cleanup, security hardening were all contained in 1 script. Check out the commit history here. From experience this could cause headaches in the future.
To remedy this and make the codebase easier to maintain, all of the functions are separated into different source files. (Yeah I guess this wasnβt even a big challenge. But an insight I wanted to share nevertheless.)
The second challenge is more interesting. Here is the snippet of a windows command that clears up Steamβs (a game store application) logs and traces.
1
2
3
4
5
6
7
8
:: ----------------------------------------------------------
:: -----------Clear Steam dumps, logs, and traces------------
:: ----------------------------------------------------------
echo --- Clear Steam dumps, logs, and traces
del /f /q %ProgramFiles(x86)%\Steam\Dumps
del /f /q %ProgramFiles(x86)%\Steam\Traces
del /f /q %ProgramFiles(x86)%\Steam\appcache\*.log
:: ----------------------------------------------------------
From the snippet above, the code is written in batch for hardening windows. By the time I noticed it I had already written a skeleton powershell app.
1
2
3
4
5
6
7
:: ----------------------------------------------------------
:: --------------Disable Google update service---------------
:: ----------------------------------------------------------
echo --- Disable Google update service
schtasks /change /disable /tn "GoogleUpdateTaskMachineCore"
schtasks /change /disable /tn "GoogleUpdateTaskMachineUA"
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'gupdate'; Write-Host
Some snippets are also invoking powershell from batch! I was stuck for a couple of days and took some time off to think about solving this. (Also quite lazy to rewrite the app in batch) After a few days of researching and asking around the Powershell discord community, I found a way to invoke all the batch functions directly from Powershell. Something like below.
1
2
3
function remove_bloatware {
& '.\batch_scripts\remove_bloatware.bat'
}
With this solution, I have grouped all the common functions and made it a lot more modular. Below is a screenshot of a cli app. A user is able to choose what he or she wants to do from the menu.
Arguments can be passed to the app too to run the security hardening directly from commandline
Conclusion
Thank you for reading this short blog, please do give the app a try at https://github.com/brootware/privacy-sexy-lite. And if you ran into any issues, please log it here.